Gathering detailed insights and metrics for @utilitywarehouse/uw-lib-auth.js
Gathering detailed insights and metrics for @utilitywarehouse/uw-lib-auth.js
A node.js module providing universal auth implementation for use in utilitywarehouse service implementation.
Installations
npm install @utilitywarehouse/uw-lib-auth.jsDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.7.0
NPM Version
8.15.0
Languages
2
JavaScript
Makefile
JavaScript (96.46%)
Makefile (3.54%)
Developer
utilitywarehouse
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
1 Stars
51 Commits
2 Forks
81 Watchers
7 Branches
15 Contributors
Updated on Jun 18, 2024
Maintainers
1
Package Meta Information
Latest Version
1.2.5
Package Id
@utilitywarehouse/uw-lib-auth.js@1.2.5
Unpacked Size
19.57 kB
Size
8.38 kB
File Count
15
NPM Version
8.15.0
Node Version
18.7.0
Published on
Mar 20, 2023
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
This package is now deprecated, and should not be considered secure and will not be maintained
uw-lib-auth.js
A node.js module providing universal auth implementation for use in utilitywarehouse service implementation.
OAuth2 + JWT
This handler applies if a Authorization: Bearer <token> header is present. JWT verification is implemented using a private/public key pair where private part is held secretly by issuing server (uw-service-shepherd) and public key is issued to implementing services.
Extending with your own handlers
The module exposes an 'abstract' class module.Method.Method that your handler needs to be extending. You are required to implement following methods:
applies(headers hash) : bool- a synchronous function accepting a hash of request headers (all lowercase) that returns true if the correct header is presentexecute(headers hash, callback fn(err, result)) : void- an asynchronous function accepting a hash of request headers and a result callback, any result out of the auth process can be passed in the callback and will be attached to reques
Usage
1const express = require('express'); 2const path = require('path'); 3const app = express(); 4 5const authModule = require('./..'); 6 7const auth = new authModule.Provider([ 8 new authModule.Method.oAuth2JWT({ 9 key: authModule.Key.fromFile(path.join(__dirname, '../tests/resources/public.pem')), 10 algo: [authModule.Key.RS256] 11 }) 12]); 13 14app.use(auth.middleware()); 15 16app.get('/:id', /*auth.middleware.scope('partner.:id.read'),*/ function (req, res) { 17 res.json({auth: req.auth}); 18}); 19 20app.use((error, req, res, next) => { 21 res.status(error.status).json(error); 22}); 23 24app.listen(3000, function () { 25 console.log('Example app listening on port 3000!') 26})
NPM
Lib is published on NPM under the utilitywarehosue namespace. It is public.
yarn add @utilitywarehouse/uw-lib-auth.js
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENCE:0
- Info: FSF or OSI recognized license: MIT License: LICENCE:0
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Reason
Found 3/12 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 21 are checked with a SAST tool
Score
3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More